The past decade has witnessed numerous demonstrations that genomic data can be traced back to the corresponding named individuals. These attacks exploit various collections, including the NIH Database of Genotypes and Phenotypes (dbGaP), the 1000 Genomes Project, and the Beacon Project of the Global Alliance for Genomics and Health, and are often reported in the popular media. At the same time, research conducted in the first phase of this grant (from 2012-2016) showed that such re-identification attacks often represent worst- case, non-generalizable scenarios. Specifically, it was shown that these attacks often focus on the possibility of attack - and not its probability given the wide range of factors often at play in practice. By focusing on the possible, such investigations can lead policy makers to believe that de-identification is a useless activity. However, our research showed that de-identification is only one part of a larger strategy of deterrents that can be used to manage risk. By intelligently combining de-identification with other technical risk mitigation approaches (e.g., controlled access) and societal constructs (e.g., data use agreements and penalties), genomic data sharing solutions can be developed with appropriate levels of risk and utility for scientists and society. While our research laid the foundation for managing identification risk in genomic data sharing, significant questions remain regarding its translation into practical guidance. In particular, risk management models must be specialized to the type of data that is shared, the types of penalties (or punishments) available, and the costs of adopting and administering deterrence mechanisms. Thus, in the second phase of this research project, we propose to augment risk-based re-identification management frameworks to model and assess the deterrence approaches invoked by existing repositories, such as dbGaP (which holds a collection of smaller historical datasets from completed studies), as well as emerging initiatives, such as the Precision Medicine Initiative. This project will pursue three specific aims, designed to work in harmony, but at the same time sufficiently independent that if one fails, the research will still yield fruitful risk management guidance for genomic databases: 1) Develop game theoretic models to assess re-identification attacks at different levels of detail in genomic data sharing (e.g., aggregate summaries of the proportion of variants in case vs. control groups in association studies); 2) Characterize and measure the costs associated with common re-identification deterrence approaches for genomic data (e.g., physical investigatory reviews and virtual audits of IT system use); and 3) Optimize the parameterization of a deterrence policy (e.g., the amount of damages for violation of a data use agreement or the amount of time to withhold data from an attacker/investigator) given the expected value of genomic data. We will evaluate these approaches with a large repository of de-identified genomic and electronic medical records in use at a large academic medical center, datasets hosted at two federal repositories, and a web system that presents summary statistics from a cohort of 9000 participants.